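/**
 * Reports whether the assertion carries at least one attribute, with at least one value, that
 * resolves to {@code claimURI}. Resolution relativizes {@code claimURI} against the attribute's
 * namespace and compares the remainder with the attribute name.
 *
 * Only presence is checked here: attribute values are not inspected, and nothing in this method
 * verifies the assertion's signature or issuer — the caller is expected to have done that.
 *
 * Attributes with a missing or non-URI namespace, or a missing name, cannot match and are skipped
 * (previously they raised NullPointerException / IllegalArgumentException from this method).
 *
 * @param assertion the SAML 1.x assertion to search
 * @param claimURI the absolute claim URI being looked for
 * @return {@code true} if a matching, non-empty attribute exists
 */
private boolean findClaimInAssertion(org.opensaml.saml.saml1.core.Assertion assertion, URI claimURI) {
    List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return false;
    }
    for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
        List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
        if (attributes == null) {
            continue;
        }
        for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
            if (attributeMatchesClaim(attribute, claimURI)) {
                return true;
            }
        }
    }
    return false;
}

/**
 * Decides whether a single attribute denotes {@code claimURI} and carries at least one value.
 *
 * @param attribute the attribute to test
 * @param claimURI the claim URI being looked for
 * @return {@code true} only for a well-formed, non-empty attribute whose namespace + name match
 */
private boolean attributeMatchesClaim(org.opensaml.saml.saml1.core.Attribute attribute, URI claimURI) {
    String namespace = attribute.getAttributeNamespace();
    String name = attribute.getAttributeName();
    if (namespace == null || name == null) {
        return false;
    }
    URI attributeNamespace;
    try {
        attributeNamespace = URI.create(namespace);
    } catch (IllegalArgumentException malformedNamespace) {
        // A namespace that is not a URI cannot be a prefix of claimURI; treat as "no match".
        return false;
    }
    String desiredRole = attributeNamespace.relativize(claimURI).toString();
    if (!name.equals(desiredRole)) {
        return false;
    }
    List<?> values = attribute.getAttributeValues();
    return values != null && !values.isEmpty();
}
}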
/**
 * Builds a new SAML 1.1 {@link Assertion} carrying a freshly generated ID, the supplied issuer and an
 * issue instant of "now". No Subject, Conditions or statements are attached; callers add those.
 *
 * @param action the action on whose behalf the assertion is built (used only for log context)
 * @param idGenerator strategy that produces the assertion ID
 * @param issuer value written to the assertion's Issuer attribute
 *
 * @return the newly built assertion
 */
@Nonnull public static Assertion buildAssertion(@Nonnull final AbstractProfileAction action,
        @Nonnull final IdentifierGenerationStrategy idGenerator, @Nonnull @NotEmpty final String issuer) {
    final SAMLObjectBuilder<Assertion> builder = (SAMLObjectBuilder<Assertion>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<Assertion>getBuilderOrThrow(
                    Assertion.DEFAULT_ELEMENT_NAME);
    final Assertion result = builder.buildObject();
    result.setID(idGenerator.generateIdentifier());
    result.setIssueInstant(new DateTime());
    result.setIssuer(issuer);
    result.setVersion(SAMLVersion.VERSION_11);
    final String actionName = action.getClass().getSimpleName();
    getLogger().debug("Profile Action {}: Created Assertion {}", actionName, result.getID());
    return result;
}
/**
 * Ensures the given {@link Assertion} has a {@link Conditions} element, creating an empty one if
 * absent. An existing Conditions element is returned untouched.
 *
 * @param action the current action (used only for log context)
 * @param assertion the assertion to inspect and possibly modify
 *
 * @return the assertion's Conditions, pre-existing or newly attached
 */
@Nonnull public static Conditions addConditionsToAssertion(@Nonnull final AbstractProfileAction action,
        @Nonnull final Assertion assertion) {
    final String actionName = action.getClass().getSimpleName();
    final Conditions existing = assertion.getConditions();
    if (existing != null) {
        getLogger().debug("Profile Action {}: Assertion {} already contains Conditions, nothing was done",
                actionName, assertion.getID());
        return existing;
    }
    final SAMLObjectBuilder<Conditions> builder = (SAMLObjectBuilder<Conditions>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<Conditions>getBuilderOrThrow(
                    Conditions.DEFAULT_ELEMENT_NAME);
    // The new Conditions element is empty: no NotBefore/NotOnOrAfter or audience restriction is set here.
    final Conditions created = builder.buildObject();
    assertion.setConditions(created);
    getLogger().debug("Profile Action {}: Assertion {} did not already contain Conditions, added",
            actionName, assertion.getID());
    return created;
}
/**
 * {@inheritDoc}
 *
 * Attaches a parsed child element to the SAML 1 {@link Assertion}: Signature, Conditions and
 * Advice are set as single-valued properties, Statements are appended, anything else is delegated
 * to the superclass. The Signature is only attached here; nothing in this method verifies it.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final Assertion assertion = (Assertion) parentSAMLObject;
    if (childSAMLObject instanceof Signature) {
        assertion.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Conditions) {
        assertion.setConditions((Conditions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Advice) {
        assertion.setAdvice((Advice) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Statement) {
        assertion.getStatements().add((Statement) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/**
 * Creates a SAML 1 {@link Assertion} holding a single authentication statement.
 *
 * Only ID, Issuer, IssueInstant and the statement are populated: no Conditions (validity window,
 * audience restriction) are attached by this method, so the caller must add them if the assertion
 * is to be time- or audience-bound.
 *
 * @param authnStatement the authentication statement to embed
 * @param issuer value for the assertion's Issuer attribute
 * @param issuedAt value for the assertion's IssueInstant attribute
 * @param id value for the assertion's ID
 * @return the populated assertion
 */
public Assertion newAssertion(final AuthenticationStatement authnStatement, final String issuer,
        final DateTime issuedAt, final String id) {
    final Assertion result = newSamlObject(Assertion.class);
    result.setIssuer(issuer);
    result.setID(id);
    result.setIssueInstant(issuedAt);
    result.getAuthenticationStatements().add(authnStatement);
    return result;
}
/**
 * {@inheritDoc}
 *
 * Writes the SAML 1 assertion's root attributes (ID, Issuer, IssueInstant, MajorVersion,
 * MinorVersion) onto the DOM element. MajorVersion is always "1"; MinorVersion is "0" when the
 * object's minor version is 0 and "1" otherwise.
 */
protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
    final Assertion assertion = (Assertion) samlElement;
    final boolean isMinorVersionZero = assertion.getMinorVersion() == 0;

    final String id = assertion.getID();
    if (id != null) {
        domElement.setAttributeNS(null, Assertion.ID_ATTRIB_NAME, id);
        if (!isMinorVersionZero) {
            // Registers the ID attribute as a DOM ID so ID-based references (e.g. a signature's
            // Reference URI="#...") can resolve to this element. Skipped for minor version 0 —
            // presumably because that version's ID attribute is not an xs:ID; confirm against the schema.
            domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
        }
    }

    final String issuer = assertion.getIssuer();
    if (issuer != null) {
        domElement.setAttributeNS(null, Assertion.ISSUER_ATTRIB_NAME, issuer);
    }

    if (assertion.getIssueInstant() != null) {
        final String isoInstant = ISODateTimeFormat.dateTime().print(assertion.getIssueInstant());
        domElement.setAttributeNS(null, Assertion.ISSUEINSTANT_ATTRIB_NAME, isoInstant);
    }

    domElement.setAttributeNS(null, Assertion.MAJORVERSION_ATTRIB_NAME, "1");
    domElement.setAttributeNS(null, Assertion.MINORVERSION_ATTRIB_NAME, isMinorVersionZero ? "0" : "1");
}
}
val credential = new WsFederationCredential(); credential.setRetrievedOn(retrievedOn); credential.setId(assertion.getID()); credential.setIssuer(assertion.getIssuer()); credential.setIssuedOn(ZonedDateTime.parse(assertion.getIssueInstant().toDateTimeISO().toString())); val conditions = assertion.getConditions(); if (conditions != null) { credential.setNotBefore(ZonedDateTime.parse(conditions.getNotBefore().toDateTimeISO().toString())); if (!assertion.getAuthenticationStatements().isEmpty()) { credential.setAuthenticationMethod(assertion.getAuthenticationStatements().get(0).getAuthenticationMethod()); assertion.getAttributeStatements().stream().flatMap(attributeStatement -> attributeStatement.getAttributes().stream()).forEach(item -> { LOGGER.debug("Processed attribute: [{}]", item.getAttributeName()); final List<Object> itemList = item.getAttributeValues().stream()
assertion.setID(identifierGenerationStrategy.generateIdentifier()); assertion.setIssueInstant(now); assertion.setVersion(SAMLVersion.VERSION_11); assertion.setIssuer(entityID); audienceRestriction.getAudiences().add(audience); conditions.getAudienceRestrictionConditions().add(audienceRestriction); assertion.setConditions(conditions); assertion.getAuthenticationStatements().add( newAuthenticationStatement(now, state.getAuthenticationMethod(), state.getPrincipalName())); assertion.getAttributeStatements().add(attrStatement);
org.opensaml.saml.saml1.core.Assertion saml1 = (org.opensaml.saml.saml1.core.Assertion)samlObject; subjectStatements.addAll(saml1.getSubjectStatements()); subjectStatements.addAll(saml1.getAuthenticationStatements()); subjectStatements.addAll(saml1.getAttributeStatements()); subjectStatements.addAll(saml1.getAuthorizationDecisionStatements()); for (SubjectStatement subjectStatement : subjectStatements) { Subject subject = subjectStatement.getSubject();
samlCallback.getAuthenticationStatementData() ); saml1.getAuthenticationStatements().addAll(authenticationStatements); samlCallback.getAttributeStatementData() ); saml1.getAttributeStatements().addAll(attributeStatements); samlCallback.getAuthDecisionStatementData() ); saml1.getAuthorizationDecisionStatements().addAll(authDecisionStatements); saml1.setConditions(conditions); saml1.setAdvice(advice);
assertion.setConditions(conditions); LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId()); assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement( subject, attributesToSend, this.defaultAttributeNamespace));
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml1.core.Assertion assertion) { List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { if (LOG.isLoggable(Level.FINEST)) { c.setIssuer(assertion.getIssuer()); c.setClaimType(URI.create(attribute.getAttributeName())); try {
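/**
 * Returns the ID of the wrapped assertion (SAML 1.1 or 2.0). If the wrapped assertion has no ID,
 * or an empty one, a new ID is generated, logged at error level, and assigned to the assertion
 * before being returned.
 *
 * NOTE(review): assigning a generated ID mutates the wrapped object. For an assertion that was
 * parsed from the wire rather than built locally this changes its identity; whether that affects a
 * cached DOM or an enclosing signature is not visible here — confirm with callers that rely on
 * the ID (e.g. replay caches).
 *
 * @return the assertion ID, or {@code null} when the wrapper holds neither a SAML 1.1 nor a
 *         SAML 2.0 assertion
 */
public String getId() {
    String id = null;
    if (samlVersion == SAMLVersion.VERSION_20) {
        final org.opensaml.saml.saml2.core.Assertion saml2 = (org.opensaml.saml.saml2.core.Assertion) samlObject;
        id = saml2.getID();
        if (isMissingId(id)) {
            id = generateReplacementId();
            saml2.setID(id);
        }
    } else if (samlVersion == SAMLVersion.VERSION_11) {
        final org.opensaml.saml.saml1.core.Assertion saml1 = (org.opensaml.saml.saml1.core.Assertion) samlObject;
        id = saml1.getID();
        if (isMissingId(id)) {
            id = generateReplacementId();
            saml1.setID(id);
        }
    } else {
        LOG.error("SamlAssertionWrapper: unable to return ID - no saml assertion object");
    }
    return id;
}

/**
 * @param id candidate ID
 * @return {@code true} if the ID is absent or empty
 */
private boolean isMissingId(final String id) {
    return id == null || id.isEmpty();
}

/**
 * Logs that the assertion lacked an ID and produces a fresh one with the "_" prefix.
 *
 * @return the generated ID
 */
private String generateReplacementId() {
    // Message typo ("seeting") fixed; level kept at error as before.
    LOG.error("SamlAssertionWrapper: ID was null, setting a new ID value");
    return IDGenerator.generateID("_");
}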
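/**
 * {@inheritDoc}
 *
 * Builds an AttributeStatement from the IdP attributes in the attribute context and appends it to
 * the assertion resolved by {@code assertionLookupStrategy}. Does nothing when no statement is
 * produced; signals {@code INVALID_MSG_CTX} when no assertion can be found and
 * {@code UNABLE_ENCODE_ATTRIBUTE} when attribute encoding fails. The encoding failure is now also
 * logged with its cause — previously the exception was dropped, leaving only the event.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    try {
        final AttributeStatement statement = buildAttributeStatement(profileRequestContext,
                getAttributeContext().getIdPAttributes().values());
        if (statement == null) {
            log.debug("{} No AttributeStatement was built, nothing to do", getLogPrefix());
            return;
        }
        final Assertion assertion = assertionLookupStrategy.apply(profileRequestContext);
        if (assertion == null) {
            log.error("Unable to obtain Assertion to modify");
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return;
        }
        assertion.getAttributeStatements().add(statement);
        log.debug("{} Adding constructed AttributeStatement to Assertion {} ", getLogPrefix(), assertion.getID());
    } catch (final AttributeEncodingException e) {
        // Keep the cause: an encoding failure silently turned into an event is hard to diagnose.
        log.error("{} Unable to encode attribute into AttributeStatement", getLogPrefix(), e);
        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_ENCODE_ATTRIBUTE);
    }
}
//CheckStyle: ReturnCount ON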
issueInstant = getSaml2().getIssueInstant(); } else if (getSamlVersion().equals(SAMLVersion.VERSION_11) && getSaml1().getConditions() != null) { validTill = getSaml1().getConditions().getNotOnOrAfter(); issueInstant = getSaml1().getIssueInstant();
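/**
 * Returns the assertion's NotBefore condition as an {@link Instant}.
 *
 * SAML Conditions are optional, and the sibling code in this class already null-checks
 * {@code getConditions()}; this method now does the same instead of throwing a
 * NullPointerException when an assertion has no Conditions element.
 *
 * @return the NotBefore instant, or {@code null} when the assertion has no Conditions or no
 *         NotBefore — meaning no lower validity bound is asserted, which callers must treat as
 *         "unbounded", not "valid"
 */
public Instant getNotBefore() {
    DateTime validFrom = null;
    if (getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        if (getSaml2().getConditions() != null) {
            validFrom = getSaml2().getConditions().getNotBefore();
        }
    } else if (getSaml1().getConditions() != null) {
        validFrom = getSaml1().getConditions().getNotBefore();
    }
    // Convert the Joda DateTime to a java.time Instant
    if (validFrom == null) {
        return null;
    }
    return validFrom.toDate().toInstant();
}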
/**
 * Replaces the wrapped assertion's Conditions with a fresh set obtained from the conditions
 * provider and resets its IssueInstant to the current time. The SAML 1.1 path is taken when the
 * wrapper exposes a SAML 1 object; otherwise the SAML 2.0 object is updated.
 *
 * NOTE(review): this rewrites signed content (IssueInstant, Conditions) but does not re-sign;
 * presumably the renewer signs afterwards — confirm in the caller.
 *
 * @param assertion wrapper around the assertion being renewed
 * @param tokenParameters renewal parameters, converted into provider parameters for the conditions provider
 */
private void createNewConditions(SamlAssertionWrapper assertion, TokenRenewerParameters tokenParameters) {
    final ConditionsBean conditionsBean =
            conditionsProvider.getConditions(convertToProviderParameters(tokenParameters));
    final org.opensaml.saml.saml1.core.Assertion saml1 = assertion.getSaml1();
    if (saml1 != null) {
        saml1.setIssueInstant(new DateTime());
        saml1.setConditions(SAML1ComponentBuilder.createSamlv1Conditions(conditionsBean));
        return;
    }
    final org.opensaml.saml.saml2.core.Assertion saml2 = assertion.getSaml2();
    saml2.setIssueInstant(new DateTime());
    saml2.setConditions(SAML2ComponentBuilder.createConditions(conditionsBean));
}
/**
 * {@inheritDoc}
 *
 * Appends an AuthenticationStatement, built from the authentication context's
 * {@link RequestedPrincipalContext} (which may be absent), to the assertion resolved by
 * {@code assertionLookupStrategy}. Signals {@code INVALID_MSG_CTX} and stops if no assertion is found.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    final Assertion target = assertionLookupStrategy.apply(profileRequestContext);
    if (target == null) {
        log.error("Unable to obtain Assertion to modify");
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }
    final RequestedPrincipalContext requested =
            authenticationContext.getSubcontext(RequestedPrincipalContext.class);
    final AuthenticationStatement statement = buildAuthenticationStatement(profileRequestContext, requested);
    target.getAuthenticationStatements().add(statement);
    log.debug("{} Added AuthenticationStatement to Assertion {}", getLogPrefix(), target.getID());
}
/**
 * Extracts the ID of a SAML 1 assertion. The input is dereferenced directly, so callers must not
 * pass {@code null}.
 *
 * @param input the assertion
 * @return its ID attribute value (may be {@code null} if the assertion carries none)
 */
public String apply(final org.opensaml.saml.saml1.core.Assertion input) {
    final String assertionId = input.getID();
    return assertionId;
}
});
/**
 * Builds a SAML 1.1 {@link Assertion} via {@link #buildAssertion} and appends it to the given
 * {@link Response}. The assertion's IssueInstant is overwritten with the Response's so that both
 * carry the same timestamp.
 *
 * @param action the current action (used only for log context)
 * @param response the response that receives the assertion
 * @param idGenerator strategy that produces the assertion ID
 * @param issuer value for the assertion's Issuer attribute
 *
 * @return the assertion that was appended to the response
 */
@Nonnull public static Assertion addAssertionToResponse(@Nonnull final AbstractProfileAction action,
        @Nonnull final Response response, @Nonnull final IdentifierGenerationStrategy idGenerator,
        @Nonnull @NotEmpty final String issuer) {
    final Assertion added = buildAssertion(action, idGenerator, issuer);
    added.setIssueInstant(response.getIssueInstant());
    final Object[] logArgs = {action.getClass().getSimpleName(), added.getID(), response.getID()};
    getLogger().debug("Profile Action {}: Added Assertion {} to Response {}", logArgs);
    response.getAssertions().add(added);
    return added;
}